[Freeipa-devel] Bug?
Martin Kosek
mkosek at redhat.com
Tue Jun 25 06:55:43 UTC 2013
On 06/24/2013 03:00 PM, Rob Crittenden wrote:
> Dean Hunter wrote:
>> Is this a bug for which I should open a bug report?
>>
>> # Configure the Network File Server
>>
>> yum install --assumeyes freeipa-admintools
>> Loaded plugins: langpacks, refresh-packagekit
>> Package freeipa-admintools-3.2.1-1.fc19.x86_64 already installed and
>> latest version
>> Nothing to do
>>
>> echo adminpassword | kinit admin
>> Password for admin at HUNTER.ORG <mailto:admin at HUNTER.ORG>
>>
>> ipa service-add nfs/ipa19.hunter.org
>> -----------------------------------------------
>> Added service "nfs/ipa19.hunter.org at HUNTER.
>> <mailto:ipa19.hunter.org at HUNTER>ORG"
>> -----------------------------------------------
>> Principal: nfs/ipa19.hunter.org at HUNTER.ORG
>> Managed by: ipa19.hunter.org
>>
>> ipa-getkeytab \\
>> --keytab /etc/krb5.keytab \\
>> --principal nfs/ipa19.hunter.org \\
>> --server ipa19.hunter.org
>> Failed to retrieve encryption type Camellia-128 CTS mode with CMAC (#25)
>> Failed to retrieve encryption type Camellia-256 CTS mode with CMAC (#26)
>>
>> kdestroy
>
> Not really. Camellia was enabled by default in 1.11 (it was added back in 1.9,
> but disabled by default). IPA does not currently enable the cipher on the KDC.
>
> So this is the client requesting all enabled ciphers and the server not
> returning the Camellia ciphers. It is just a warning.
>
> At best this is an RFE to enable Camellia by default on the KDC.
>
> rob
I filed an upstream ticket:
https://fedorahosted.org/freeipa/ticket/3749
Thanks Dean and Rob!
Martin
More information about the Freeipa-devel
mailing list